CSCuq98748- Bash Vulnerability

Similar Messages

• Community Discussion on CSCuq98748- Bash Vulnerability

  Hi, Is Nexus 7K and 5K are open to Shellshock vulnerable?
  can you please confirm

     Yes they are vulnerable if you are using a certain version of code . The 5k's have 3 different versions that are vulnerABLE and the 7k's have one version  6.2.6 which is vulnerable.
  5K info
  Last Modified:
  Sep 29,2014
  Status:
  Open
  Severity:
  2 Severe
  Product:
  Cisco Nexus 5000 Series Switches
  Support Cases:
  0
  Known Affected Releases:
  (3)
  5.2(1)N1(8a)
  6.0(2)N2(5)
  7.0(3)N1(0.125)
  Known Fixed Releases:
  (0)
  Download software for  Cisco Nexus 5000 Series Switches
  Support Cases:
  (0)
  Support case links are not customer visible
  -->
  Related Bugs
  Bug(s)
  -->
  Community Discussion on CSCur05017 - Cisco Support Community

• [CVE-2014-6271] IronPort appliances affected by recent bash vulnerability?

  http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x
  Discussion?

  Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271), please refer all inquiries to:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  Please refer to the expanded "Affected Products".
  The following Cisco products are currently under investigation:
  Cable Modems
  Cisco CWMS
  Network Application, Service, and Acceleration
  Cisco ACE GSS 4400 Series Global Site Selector
  Cisco ASA
  Cisco GSS 4492R Global Site Selector
  Network and Content Security Devices
  Cisco IronPort Encryption Appliance
  Cisco Ironport WSA
  Routing and Switching - Enterprise and Service Provider
  Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500
  Cisco ISM
  Cisco NCS6000
  Voice and Unified Communications Devices
  Cisco Finesse
  Cisco MediaSense
  Cisco SocialMiner
  Cisco Unified Contact Center Express (UCCX)
  Products and services listed in the subsections below have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues.

• Contact Center Express GNU Bash vulnerability CSCur02861

  Cisco Security Advisory notes that Contact Center Express is affected by GNU bash vulnerability  [CSCur02861] . But this bug report is not public available. does anyone have information which versions are affected?

  8.0(2)SU5
  NO patch  as it has reached End of SW Maintenance Releases Date
  8.5(1)SU4
  http://software.cisco.com/download/release.html?mdfid=283625051&flowid=46059&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  9.0(1)
  http://software.cisco.com/download/release.html?mdfid=284367996&flowid=46061&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  9.0(2)SU2
  http://software.cisco.com/download/release.html?mdfid=284666782&flowid=46062&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  10.0(1)SU1
  http://software.cisco.com/download/release.html?mdfid=285000761&flowid=49042&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest10.5(1)SU1
  http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  10.5(1)SU1
  http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest

• NX-OS ( n7000-s1-dk9.5.1.3.bin ) BASH VULNERABILITY - CVE-2014-6271 and CVE-2014-7169

  Hi ,
  Nexus 7000 evaluation for CVE-2014-6271 and CVE-2014-7169 , I am referring below link to check for NX OS  - n7000-s1-dk9.5.1.3.bin
  https://tools.cisco.com/bugsearch/bug/CSCur04856
  5.1.3 is not mentioned in the affected list.Need help to know if 5.1 is affected with BASH Vulnerability .
  Thanks for help in advance .

  The concern with the bash shell is that services MAY be setup to run as
  users which use those shells, and therefore be able to have things
  injected into those shells. Nothing on NetWare uses bash by default,
  because NetWare is not anything like Linux/Unix in its use of shells.
  Sure, you can load bash for fun and profit on NetWare, but unless you
  explicitly request it the bash.nlm file is never used. On NetWare I do
  not think it is even possible to have any normal non-Bash environment
  variable somehow be exported/inherited into a bash shell, though I've
  never tried.
  Good luck.
  If you find this post helpful and are logged into the web interface,
  show your appreciation and click on the star below...

• Bash vulnerability in Solaris 10

  http://seclists.org/oss-sec/2014/q3/650
  https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
  Any plans for a hotfix for bash on Solaris 10?
  $env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  vulnerable
  this is a test
  SunOS hostname 5.10 Generic_150401-13 i86pc i386 i86pc
  $bash -version
  GNU bash, version 3.2.51(1)-release (i386-pc-solaris2.10)
  Copyright (C) 2007 Free Software Foundation, Inc.
  $pkginfo -l SUNWbash
     PKGINST:  SUNWbash
        NAME:  GNU Bourne-Again shell (bash)
    CATEGORY:  system
        ARCH:  i386
     VERSION:  11.10.0,REV=2005.01.08.01.09
     BASEDIR:  /
      VENDOR:  Oracle Corporation
        DESC:  GNU Bourne-Again shell (bash) version 3.2
      PSTAMP:  sfw10-patch-x20120813130538
    INSTDATE:  Aug 19 2014 07:23
     HOTLINE:  Please contact your local service provider
      STATUS:  completely installed
       FILES:        4 installed pathnames
                     2 shared pathnames
                     2 directories
                     1 executables
                  1250 blocks used (approx)

  Hard to say whether it's safer to wait or safer to patch it yourself in the meantime but, if like me you'd rather not wait an indefinite period of time for a patch, here is a patching process that's working for me:
  Found the newest GNU patch compiled for Solaris on Open CSW: bash - Solaris package
  To install, you'll want the CSW package utility. Here are some instructions, but I'll also go over it below: Getting started — OpenCSW 0.2014.04 documentation
  You may already have the CSW package utilities installed, check under "/opt/csw/bin" for "pkgutil". If it's not there, issue
  pkgadd -d http://get.opencsw.org/now
  Then, I like to add a symbolic link into /usr/bin to make it easier:
  sudo ln -s /opt/csw/bin/pkgutil /usr/bin/pkgutil
  Now we can do the install -- pkgutil is going to handle all the heavy lifting, dependency building etc., and place the new bash binary into "/opt/csw/bin"
  sudo pkgutil -U
  sudo pkgutil -a bash
  sudo pkgutil -i bash
  Follow the prompts, and then look under /opt/csw/bin for bash:
  ls /opt/csw/bin | grep bash
  If you see it listed there w/ a Sep 25th date (or later, if you're following these instructions in my future), then you're ready for the final step -- replacing the old bash binary with the new.
  We're going to replace /usr/bin/bash with a link to /opt/csw/bin/bash. I was worried this step would crash running processes and applications (weblogic, BI, db instances), but so far no issues -- that said, PLEASE be careful and shutdown anything you can first! I can't be sure this step will work w/o any hiccups every time.
  cd /usr/bin
  sudo cp bash bash-old
  sudo ln -f /opt/csw/bin/bash /usr/bin/bash
  You can see we backed up the old bash install (4.1), in case something goes wrong. When finished, issue that command and you should see an error message now:
  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  bash: warning: x: ignoring function definition attempt
  bash: error importing function definition for `x'
  this is a test
  Again, BE CAREFUL -- while I was figuring this out, I did take down a couple zones to the point where I couldn't SSH back into them.
  That said, the steps above are working flawlessly for me -- BUT I can't guarantee you'll have the same experience!

• Bash vulnerability bash CVE-2014-6271 on Cisco devices

  Hi, all,
  Anybody know whether any Cisco devices are vulnerable to  recent bash CVE-2014-6271? I am especially concerned about ASA which opens https to the public.
  Thanks,

  Have a look here: 
  http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_Bash_09252014.html
  and here:
  http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  Under affected products. 

• CUCM GNU BASH vulnerability

  Hi
  Cisco advisory states that versions 9.0, and 9.1 are vulnerable and a fix (9.1(2.13060.1)) is available however I do not see this file available on the downloads page. 
  https://software.cisco.com/download/release.html?mdfid=284510097&flowid=45900&softwareid=282074295&release=9.1(2)SU2a&relind=AVAILABLE&rellifecycle=&reltype=latest
  does anyone know where is this upgrade file available?

  The Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.
  http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)
  states :
  This package will install on the following System Versions: 
    - 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx 
   - 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
   - 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx 
   - 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx 
   - 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx 
  So the answer for you is : you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.
  Regards.

• Install Guide for the Patch CSCur04820 (Bash Vulnerability)

  Dear Community,
  is there a documentation for the installation of patch CSCur04820 on Prime Collaboration Assurance 10.5.1? In the software downloads sections, there is no readme file provided.
  Your answers are greatly appreciated.
  Best regards
  Igor

  Duplicate
  https://supportforums.cisco.com/discussion/12415666/install-guide-patch-cscur04820-bash-vulnerability

• Fix for GNU bash vulnerability CSCur05454 in Instant Messaging & presence server available?

  Hello,
  bug reports says 'Status: fixes' but I cannot find a patch for IM&P.
  any information abaout that?
  Juergen

  The Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.
  http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)
  states :
  This package will install on the following System Versions: 
    - 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx 
   - 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
   - 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx 
   - 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx 
   - 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx 
  So the answer for you is : you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.
  Regards.

• CVE-2014-6271 bash vulnerability

  more info on this here:
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
  http://www.reddit.com/r/sysadmin/comments/2hc5rk/cve20146271_remote_code_executi on_through_bash/
  I'm assuming Apple will release a security update for this on supported versions of the Mac OS but in the meantime, is there a fix that we can apply?   What is an easy way to patch this on older OS versions that Apple is no longer supporting?    (perhaps something short of recompiling bash)

  I had foolishly imagined that the update to "Command Line Tools (OS X 10.9)" released (I thought?) today would fix this. It does not. The referenced fixes do, although, as sjabour said, don't just run those blindly: understand what they do.
  As an aside, after patching other Unix systems I care for, I also changed all users' (and, on Linux, root's) shells to something else (I like Zsh, although that may not be right for root in all cases). On Darwin, root's shell is "/bin/sh", but, as with most Linux distributions, that's actually just bash. You absolutely can execute Zsh as sh, and have it behave as an sh-alike, so if you aren't comfortable with patching and rebuilding, but are comfortable with basic SA practice (or you just don't have XCode for whatever reason), you could replace the bash /bin/sh with a hard link to /bin/zsh instead, like this:
  % cd /bin
  % sudo ln sh sh-real
  % sudo ln -f zsh sh
  % ls -li sh* zsh
    334241 -rwxr-xr-x  2 root  wheel   530320 Oct 31  2013 sh
     11118 -r-xr-xr-x  1 root  wheel   942308 Sep 24 23:53 sh-real
  18050387 ----------  1 root  wheel  1228304 Sep 24 23:51 sh.CVE-2014-6271
    334241 -rwxr-xr-x  2 root  wheel   530320 Oct 31  2013 zsh
  % sudo su -
  # echo $SHELL
  /bin/sh
  # /bin/sh --version
  zsh 5.0.2 (x86_64-apple-darwin13.0)

• BASH vulnerability in TE software

  https://tools.cisco.com/bugsearch/bug/CSCur05162
  Does anyone else see some bad info on the above web page ...   Indicates that its fixed by but does not show what version ... seems lin TE 4.1.5 should be the fixed version
  The page for TC software seems to have more accurate info

  OK, I do see some corrections...
  Known affected release is now correctly listed as 4.1...
  Status shows as "Fixed"   but nothing is listed under the known fixed release column???
  I am being pressed for a date the new software will be available

• ASR1K GNU Bash Vulnerability Rommon requirement (CVE-2014-6271 and CVE-2014-7169)

  Does any one knows which version recommended ROMmon Release by 3.13.X
  Because there was no information by release note  
  Thanks a lot~

  Your Oracle Linux system should be configured to automatically install packages either from the Unbreakable Linux Network or public-yum.oracle.com. You might want to ask your Linux sysadmin for assistance if your servers aren't already configured for updates.
  You can also check Chapter 1 and Chapter 2 of the Oracle Linux Administrator's Guide for more details on using ULN or public-yum: Oracle® Linux (it's for OL6 but the concepts are the same for OL5).

• Bash CVE-2014-6271 Vulnerability

  Excuse me if this was already posted. I searched title's only for bash and 6271 and didn't see any results.
  Cut and paste from CVE-2014-6271 Bash vulnerability allows remote execution arbitrary code:
  This morning a flaw was found in Bash with the way it evaluated certain environment variables. Basically an attacker could use this flaw to override or bypass environment restrictions to execute shell commands. As a result various services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
  Details on CVE-2014-6271 from the MITRE CVE dictionary and NIST NVD (page pending creation).
  I’m currently patching servers for this. The issue affects ALL products which use Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by applications. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such!
  To test if your version of Bash is vulnerable run the following command:
  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  If that command returns the following:
  vulnerable this is a test
  …then you are using a vulnerable version of Bash and should patch immediately. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
  bash: warning: x: ignoring function definition attempt
  bash: error importing function definition for `x'
  this is a test
  Arch Linux CVE-2014-6271 patch:
  pacman -Syu
  Last edited by hydn (2014-09-28 20:57:41)

  On a related note.  I post this here as it might be of interest to some members....
  I just checked my DD-WRT based router for this vulnerability.   It comes stock with Busybox and does not seem to be vulnerable, but...   I keep bash on a separate partition which gets mounted on /opt.  That bash is vulnerable.  Until the DD-WRT project catches up, I suggest anyone using that router firmware consider disabling Bash for the time being and stick with BB.
  Also, as another aside, ArchArm has this fix in place now and is safely running on my Raspberry Pi.   
  I did kill the ssh service on the Windows Box that let me into bash via Cygwin.  Cygwin Bash is vulnerable as of when I began this post.
  Last edited by ewaller (2014-09-25 18:26:18)

• Skype - Intrusion Attempts GNU BASH

  As reported by Norton, something in Skype keeps attempting an so-called "GNU Bash".
  These intrusion attempts have just started today and originate from SKYPE.EXE. I am not actively Skyping with anyone, have not downloaded anything through Skype today, and have Skype minimized. I do have the ads partly blocked (cannot see them), but they are still possibly there and are likely the cause. There are likely some bad ads going around..
  Solved!
  Go to Solution.

  This is more than likely not Skype specific though in this case it sounds related to an infected advertisement.  The GNU Bash vulnerability has pretty much gone rampant online.  It doesn't have to be an advertisement and can be any user or Skype user attacking a range of IPs that their computer interacts with.  The only computers affected by that vulnerability are Linux/Mac users and similar devices that use Bash that haven't been patched.  Bash by default is not installed on OSX unless someone enables advanced Unix services.  That vulnerability would have no effect on a Windows user.  So if any of your contacts have Bash installed on a device/OS you might urge them to get it patched or to uninstal it, if not needed.